Lucene search
K
SymantecRecent

6867 matches found

Symantec
Symantec
•added 2021/12/11 1:6 a.m.•685 views

Symantec Security Advisory for Log4j Vulnerability

Summary Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker, who can trigger Log4j to log crafted malicious strings, can execute arbitrary code on the target system. Affected Products The following products and product versions are...

9.3CVSS1.2AI score0.99999EPSS
Exploits357Affected Software15
Symantec
Symantec
•added 2021/06/29 3:32 p.m.•124 views

Authentication Bypass in ASG and ProxySG

Summary The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

10CVSS1.5AI score0.02665EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2021/06/21 4:51 p.m.•285 views

Symantec Security Update

Symantec Endpoint Protection, Data Center Security and Cloud Workload Protection Security Update Summary Symantec - A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection SEP, Data Center...

1.4AI score
Exploits0Affected Software1
Symantec
Symantec
•added 2021/04/20 7:54 p.m.•78 views

OS Command Injection in Security Analytics

Summary The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products The following...

10CVSS2.9AI score0.02665EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2021/04/07 7:44 p.m.•93 views

OpenSSL Vulnerabilities Mar 2021

Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to two vulnerabilities. A remote attacker may be able to cause denial of service through application crashes. An application may successfully validate an invalid X.509 certificate...

5.8CVSS0.9AI score0.62906EPSS
Exploits4Affected Software2
Symantec
Symantec
•added 2021/03/16 7:59 p.m.•245 views

Apache Tomcat Vulnerabilities May 2020 - Mar 2021

Summary Symantec Network and Information Security NIS products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source...

5CVSS1.9AI score0.87553EPSS
Exploits17Affected Software1
Symantec
Symantec
•added 2021/03/09 7:16 p.m.•126 views

OpenSSL Vulnerabilities Sep 2020 - Feb 2021

Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...

5CVSS0.4AI score0.50732EPSS
Exploits3Affected Software16
Symantec
Symantec
•added 2020/12/11 12:0 a.m.•10579 views

Linux Kernel CVE-2019-5108 Denial of Service Vulnerability

Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Linux kernel 5.3 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...

3.3CVSS1.2AI score0.10114EPSS
Exploits1References1Affected Software1
Symantec
Symantec
•added 2020/12/08 9:25 p.m.•55 views

Privilege Escalation and Information Disclosure Vulnerabilities in SMG

Summary Symantec Messaging Gateway SMG is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwi...

9CVSS1AI score0.01492EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/11/18 2:27 p.m.•160 views

Symantec Endpoint Detection & Response Security Update

Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Products Symantec Endpoint Detection & Response SEDR --- CVE | Affected Version | Remediation CVE-2020-12593 | Prior to 4.5...

5CVSS1AI score0.01972EPSS
Exploits1Affected Software1
Symantec
Symantec
•added 2020/07/08 2:23 p.m.•33 views

SEDR Information Disclosure

Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....

5CVSS1.2AI score0.02014EPSS
Exploits1Affected Software1
Symantec
Symantec
•added 2020/06/12 8:41 p.m.•133 views

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...

7.8CVSS0.9AI score0.81466EPSS
Exploits14Affected Software1
Symantec
Symantec
•added 2020/05/19 8:35 p.m.•52 views

OpenSSL Vulnerabilities Sep 2019 – Apr 2020

Summary Symantec Web Security Group WSG products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A local or remote attacker can obtain private key or other secret key information. A remote attacker can also cause denial of service. Affected Products The followin...

5CVSS0.6AI score0.53336EPSS
Exploits2Affected Software7
Symantec
Symantec
•added 2020/05/13 1:35 p.m.•24 views

IT Analytics XSS

Summary Symantec has released an update to address an issue that was discovered in the IT Analytics product. Affected Products IT Analytics --- CVE | Affected Versions | Remediation CVE-2020-5838 | Prior to 2.9.1 | Upgrade to 2.9.1 Issue Details CVE-2020-5838 --- Severity/CVSSv3: | Medium / 4.3...

3.5CVSS0.3AI score0.00689EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/05/12 7:2 p.m.•123 views

Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020

Summary Symantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user's session, redirect a Tomcat user to an arbitrary URL, execute arbitrary...

9.3CVSS2.8AI score0.99652EPSS
Exploits62Affected Software4
Symantec
Symantec
•added 2020/05/11 2:39 p.m.•89 views

Symantec Endpoint Protection Security Update

Summary Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM products. Affected Products Symantec Endpoint Protection Manager SEPM --- CVE | Affected Versions | Remediatio...

5CVSS0.8AI score0.0165EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/05/06 6:48 p.m.•145 views

Nginx Vulnerabilities Jul 2017 - Oct 2019

Summary Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service ...

7.8CVSS1.8AI score0.82017EPSS
Exploits7Affected Software2
Symantec
Symantec
•added 2020/04/21 8:41 p.m.•335 views

OpenSSH Vulnerabilities Jan-Oct 2019

Summary Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle MITM attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes...

10CVSS1.7AI score0.58204EPSS
Exploits11Affected Software5
Symantec
Symantec
•added 2020/04/09 9:24 p.m.•49 views

Session Hijacking Vulnerability in ProxySG and ASG

Summary The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Affected Products Advanced Secure...

6.4CVSS1AI score0.01231EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/04/09 9:15 p.m.•35 views

CSRF Token Information Disclosure in MC

Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...

4.3CVSS0.9AI score0.00705EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/04/06 12:51 p.m.•33 views

Data Center Security Privilege Escalation

Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...

4.6CVSS1.6AI score0.00383EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/03/03 1:37 p.m.•50 views

Symantec Endpoint Protection Multiple Issues

Summary Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, and Symantec Endpoint Protection Small Business Edition SEP SBE products. At this time, Symantec is not aware of any exploitations or...

4.6CVSS0.3AI score0.00427EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•41 views

Microsoft Dynamics 365 CVE-2020-0656 Cross Site Scripting Vulnerability

Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

5.8AI score0.01475EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•22 views

Oracle Banking Corporate Lending cpujan2020 Multiple Security Vulnerabilities

Description Oracle Banking Corporate Lending is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Core module' component is affected. These vulnerabilities affect the following supported versions: 12.3.0 through 12.4.0, 14.0.0 throug...

1.5AI score
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•46 views

SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability

Description SAP NetWeaver Process Integration is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

1.2AI score0.00654EPSS
Exploits0References2Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•27 views

Oracle GraalVM Enterprise Edition CVE-2020-2581 Local Security Vulnerability

Description Oracle GraalVM Enterprise Edition is prone to a local security vulnerability. The 'LLVM Interpreter' component is affected. This vulnerability affects the following supported versions: 19.3.0.2 Technologies Affected Oracle GraalVM Enterprise Edition 19.3.0.2 Recommendations Block...

2.1AI score0.00402EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•77 views

Oracle Java SE/Java SE Embedded/GraalVM CVE-2020-2604 Remote Security Vulnerability

Description Oracle Java SE/Java SE Embedded/GraalVM are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Serialization' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231, 11.0....

8.1AI score0.04903EPSS
Exploits0References1Affected Software2
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•38 views

Microsoft Excel CVE-2020-0650 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

0.8AI score0.17168EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•76 views

Oracle WebLogic Server CVE-2020-2550 Local Security Vulnerability

Description Oracle WebLogic Server is prone to a local security vulnerability. The 'WLS Core Components' component is affected. This vulnerability affects the following supported versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 Technologies Affected Oracle Weblogic Server 10.3.6.0.0 Oracl...

2.1AI score0.00527EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•129 views

Oracle Coherence CVE-2020-2555 Multiple Remote Security Vulnerabilities

Description Oracle Coherence is prone to multiple remote security vulnerabilities. The vulnerability can be exploited over the 'T3' protocol. The 'Caching', 'CacheStore' and 'Invocation' components are affected. This vulnerability affects the following supported versions: 12.1.3.0.0, 12.2.1.3.0 a...

1.3AI score0.97116EPSS
Exploits26References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•42 views

Microsoft Windows CVE-2020-0621 Security Bypass Vulnerability

Description Microsoft Windows is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Windows 10 Version 1709 for...

1.4AI score0.00972EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•52 views

Oracle Siebel CRM CVE-2020-2559 Remote Security Vulnerability

Description Oracle Siebel CRM is prone to a remote security vulnerability. This vulnerability affects the 'UIF Open UI' component and can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 19.7 and prior Technologies Affected Oracle Siebel UI...

1.2AI score0.01694EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•36 views

Microsoft Windows Win32k CVE-2020-0642 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

1.9AI score0.01498EPSS
Exploits5Affected Software3
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•34 views

Microsoft Windows Search Indexer CVE-2020-0629 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...

1.4AI score0.00749EPSS
Exploits0Affected Software3
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•36 views

Microsoft OneDrive for Android CVE-2020-0654 Security Bypass Vulnerability

Description Microsoft OneDrive for Android is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. Technologies Affected Microsoft OneDrive Recommendations...

0.7AI score0.03476EPSS
Exploits0
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•45 views

Oracle E-Business Suite CVE-2020-2591 Remote Security Vulnerability

Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Web Applications Desktop Integrator' product. This vulnerability can be exploited over the 'HTTP' protocol. The 'Application Service' component is affected. This vulnerability affects the following supporte...

8AI score0.01314EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•45 views

Oracle iLearning CVE-2020-2709 Remote Security Vulnerability

Description Oracle iLearning is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Learner Pages' component is affected. This vulnerability affects the following supported versions: 6.1 Technologies Affected Oracle iLearning 6.1...

1.1AI score0.01067EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•25 views

Oracle Siebel CRM Cpujan2020 Multiple Remote Security Vulnerabilities

Description Oracle Siebel CRM is prone to multiple remote security vulnerabilities. These vulnerabilities affect the 'EAI' and 'SWSE Server' components and can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 19.10 and prior Technologies Affect...

1.4AI score
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•46 views

Adobe Experience Manager CVE-2019-16469 Information Disclosure Vulnerability

Description Adobe Experience Manager is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Adobe Experience Manager 6.5 is vulnerable. Technologies Affected Adobe Experience Manager 6.5...

1.1AI score0.17186EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•38 views

Microsoft Windows Hyper-V CVE-2020-0617 Denial of Service Vulnerability

Description Microsoft Windows is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows ...

0.3AI score0.01316EPSS
Exploits0Affected Software2
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•66 views

Oracle Database Server CVE-2020-2568 Local Security Vulnerability

Description Oracle Database Server is prone to a local security vulnerability that exists in Oracle Applications DBA. The vulnerability can be exploited over the 'Local Logon' protocol. For an exploit to succeed, the attacker must have 'Local Logon' privilege. This vulnerability affects the...

2AI score0.00717EPSS
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•176 views

Microsoft Windows Remote Desktop Client CVE-2020-0611 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...

0.7AI score0.0808EPSS
Exploits0Affected Software3
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•125 views

Microsoft Windows Remote Desktop Protocol CVE-2020-0610 Remote Code Execution Vulnerability

Description Microsoft Windows Remote Desktop Protocol is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies...

0.6AI score0.6526EPSS
Exploits8Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•113 views

Microsoft Windows Remote Desktop Web Access CVE-2020-0637 Information Disclosure Vulnerability

Description Microsoft Windows Remote Desktop Web Access is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows Server 2008 R2 for x64-based Systems SP1...

0.5AI score0.05027EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•43 views

Microsoft Office CVE-2020-0652 Memory Corruption Vulnerability

Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

1AI score0.16962EPSS
Exploits0Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•14 views

Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities

Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'HTTPS' protocol. The 'Message Display', 'Shopping Cart', 'Others', 'Call Phone Number Page', 'Wireless' components are affected. These vulnerabilities affect the followi...

0.8AI score
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•17 views

Oracle Enterprise Manager Base Platform cpujan2020 Multiple Remote Security Vulnerabilities

Description Oracle Enterprise Manager Base Platform is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over HTTP protocol. The 'Enterprise Config Management', 'Application Service Level Mgmt, 'Cloud Control Manager - OMS', 'Configuration Standard...

0.2AI score
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•34 views

Adobe Experience Manager APSB20-01 Multiple Cross Site Scripting Vulnerabilities

Description Adobe Experience Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...

7.4AI score
Exploits0Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•17 views

Oracle Business Intelligence Enterprise Edition Multiple Remote Security Vulnerabilities

Description Oracle Business Intelligence Enterprise Edition is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Analytics Actions', 'BI Platform Security' and 'Analytics Server' components are affected. These vulnerabilities...

1AI score
Exploits0References1Affected Software1
Symantec
Symantec
•added 2020/01/14 12:0 a.m.•54 views

SAP Leasing CVE-2020-6306 Remote Authorization Bypass Vulnerability

Description SAP Leasing is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected SAP Leasing 6.0 SAP Leasing 6.02 SAP Leasing 6.0...

0.6AI score0.00596EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities6867